On May 23, 2023, Cofense researchers reported a phishing campaign with threat actors leveraging paid time off (PTO) and vacation requests as a lure theme. Context The report is based on a Phishing Defence Center (PDC)-reported a phishing campaign where threat actors sent emails to users claiming to be from ‘HR Departments’ and providing the users with links…
Read More
With cybersecurity being a flourishing industry with promising job opportunities, recent college graduates may have their sights set on a career in cyber threat intelligence. The notion that graduates must obtain a degree in computer science, computer programming, or machine learning to land a career in cybersecurity is no longer the case. Many skills developed…
Read More
Context On May 16, 2023, ZScaler threat researchers reported the technical details of a new ransomware-as-a-service (RaaS) operation they’ve observed being advertised on dark web forums. ZScaler researchers provided the following key takeaways: CryptNet is a new ransomware-as-a-service that has been advertised in underground forums since at least April 2023 The CryptNet threat group claims…
Read More
Context On May 4, 2023, VulnCheck researchers released a proof-of-concept (POC) exploit for CVE-2023-27350. According to the report, the exploit bypasses current detection options for attacks leveraging the vulnerability. Technical Details According to NIST, CVE-2023-27350 “allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to…
Read More
This month’s member spotlight is Christopher (Chris) De La Rosa, senior threat intelligence analyst at DICK’S Sporting Goods. During our conversation with Chris, he expanded upon his unconventional path leading to his career in threat intelligence and his day-to-day duties. Keep an eye out for Chris at the upcoming RH-ISAC Summit as he is hoping…
Read More
